From 6ba9e1f5e852fa602b450dd049ffe114214d62e1 Mon Sep 17 00:00:00 2001
From: nadoo <287492+nadoo@users.noreply.github.com>
Date: Sun, 16 Dec 2018 13:28:24 +0800
Subject: [PATCH] obfs: compatible with some server implementation in tls mode
---
 README.md | 2 +-
 dns/server.go | 4 +++-
 main.go | 2 +-
 proxy/obfs/tls.go | 13 ++++++++++++-
 strategy/strategy.go | 4 ++--
 5 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index 223959b..23524a0 100644
--- a/README.md
+++ b/README.md
@@ -338,7 +338,7 @@ Examples:
 - [transparent proxy with dnsmasq](config/examples/8.transparent_proxy_with_dnsmasq)
 - [transparent proxy without dnsmasq](config/examples/9.transparent_proxy_without_dnsmasq)
-### Forwarder Chain
+### Proxy & Protocol Chain
 In glider, you can easily chain several proxy servers or protocols together, e.g:
 - Chain proxy servers:
diff --git a/dns/server.go b/dns/server.go
index cceff27..2adbb80 100644
--- a/dns/server.go
+++ b/dns/server.go
@@ -32,7 +32,9 @@ func NewServer(addr string, dialer proxy.Dialer, config *Config) (*Server, error
 return s, err
 }
-// Start .
+// Start starts the dns forwarding server
+// We use WaitGroup here to ensure both udp and tcp serer are completly running,
+// so we can start any other services later, since they may rely on dns service.
 func (s *Server) Start() {
 var wg sync.WaitGroup
 wg.Add(2)
diff --git a/main.go b/main.go
index 56b1715..5873099 100644
--- a/main.go
+++ b/main.go
@@ -29,7 +29,7 @@ import (
 )
 // VERSION .
-const VERSION = "0.6.10"
+const VERSION = "0.6.11"
 func main() {
 // read configs
diff --git a/proxy/obfs/tls.go b/proxy/obfs/tls.go
index 7756bd3..5b6e5f2 100644
--- a/proxy/obfs/tls.go
+++ b/proxy/obfs/tls.go
@@ -16,6 +16,7 @@ import (
 "encoding/binary"
 "io"
 "net"
+ "time"
 )
 const (
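Review bot: The new doc comment on Start in dns/server.go has two typos, `serer` and `completly`, and its first sentence does not end in a period as godoc convention expects; `// Start starts the dns forwarding server.` followed by `// We use WaitGroup here to ensure both udp and tcp servers are completely running,` reads cleanly. The body of Start continues past the hunk.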
@@ -176,7 +177,17 @@ func clientHello() *bytes.Buffer {
 // Random
 // https://tools.ietf.org/id/draft-mathewson-no-gmtunixtime-00.txt
- random := make([]byte, 32)
+ // NOTE:
+ // Most tls implementations do not deal with the first 4 bytes unix time,
+ // clients do not send current time, and server do not check it,
+ // golang tls client and chrome browser send random bytes instead.
+ //
+ binary.Write(buf, binary.BigEndian, uint32(time.Now().Unix()))
+ random := make([]byte, 28)
+ // The above 2 lines of codes was added to make it compatible with some server implementation,
+ // if we don't need the compatibility, just use the following code instead.
+ // random := make([]byte, 32)
+
 rand.Read(random)
 buf.Write(random)
diff --git a/strategy/strategy.go b/strategy/strategy.go
index 29f3b88..2583b27 100644
--- a/strategy/strategy.go
+++ b/strategy/strategy.go
@@ -132,10 +132,10 @@ func (d *Dialer) NextDialer(dstAddr string) proxy.Dialer {
 return d.nextForwarder(dstAddr)
 }
-// Priority returns the active priority of rrDialer
+// Priority returns the active priority of dialer
 func (d *Dialer) Priority() uint32 { return atomic.LoadUint32(&d.priority) }
-// SetPriority sets the active priority of rrDialer
+// SetPriority sets the active priority of daler
 func (d *Dialer) SetPriority(p uint32) { atomic.StoreUint32(&d.priority, p) }
 // initAvailable traverse d.fwdrs and init the available forwarder slice
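Review bot: The new comment block cites draft-mathewson-no-gmtunixtime and states that Go's TLS client and Chrome send random bytes there, yet the added `binary.Write(buf, binary.BigEndian, uint32(time.Now().Unix()))` makes this ClientHello carry the real system clock in the first four bytes of Random, so the comment should say plainly that this is a deliberate deviation that discloses local time and makes the hello distinguishable from those clients, kept only for server compatibility. A line such as `// Deliberate deviation from the draft above: exposes the client clock and differs from Go/Chrome hellos; kept for server compatibility.` directly above the `binary.Write` call would make the trade-off explicit, and the sentence below it reads better as `// The two lines above were added for compatibility with some server implementations;`. The error returned by `binary.Write` is dropped, which is acceptable if `buf` is the returned *bytes.Buffer (its Write does not fail) but deserves a short comment saying so. The rest of clientHello lies outside the hunk.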
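Review bot: The rewritten SetPriority comment in strategy/strategy.go introduces a typo, `daler`; it should read `// SetPriority sets the active priority of dialer` to match the Priority comment two lines above. Both doc comments could also end with a period per godoc convention.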